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PRELIMINARY AMENDMENT 



Assistant Commissioner for Patents 
Washington, DC 20231 

Sir: 

Prior to examination, please amend the above-identified application as follows: 



Please amend the claims as follows: 
Clean copy of amended claims : 

4. A computer device according to claim 1, where in said supervisory unit (14) is 
arranged to generate a signal in dependence of a timer (18) in such a manner that said restart 
signal is generated if no trigger-signal signal that sets the timer (18) to zero is received within a 
predetermined time interval. 



In the Claims : 
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5. A computer device according to claim 1, comprising a memory safety circuit (20) that 
is arranged to stop the reading from the ordinary memory unit (12) and to connect for reading 
from said further memory unit (16) when both said restart signal and a signal indicating applied 
supply voltage is the case. 

6. A computer device according to claim 1, wherein said further memory unit (16) is 
arranged such that it comprises basic system instructions with a high degree of reliability. 

8. A computer device according to claim 1, wherein at least said further memory unit 
(16) is a non- volatile memory. 

9. A computer device according to claim 1, wherein said processor means (10) comprises 
a working memory (22) that is arranged such that at a restart of the computer device this working 
memory (22) is reset before reading from said further memory unit (16) is started. 

10. A computer device according to claim 1, arranged such that if said restart signal has 
been generated a predetermined number of times, then, in case an error occurs again, said stop 
signal is generated. 

1 1. A computer device according to claim 1, comprising a switching member (24) for 
manually generating said restart signal. 
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14. Use of a computer device according to claim 1 for controlling a system that is 
included in an aircraft. 

Amended claims : 

4. (Amended) A computer device according to [any of the preceding claims] claim 1 , 
where in said supervisory unit (14) is arranged to generate a signal in dependence of a timer (18) 
in such a manner that said restart signal is generated if no trigger-signal signal that sets the timer 
(18) to zero is received within a predetermined time interval. 

5. (Amended) A computer device according to [any of the preceding claims] claim 1 , 
comprising a memory safety circuit (20) that is arranged to stop the reading from the ordinary 
memory unit (12) and to connect for reading from said further memory unit (16) when both said 
restart signal and a signal indicating applied supply voltage is the case. 

6. (Amended) A computer device according to [any of the preceding claims] claim 1, 
wherein said further memory unit (16) is arranged such that it comprises basic system 
instructions with a high degree of reliability. 

8. (Amended) A computer device according to [any of the preceding claims] claim 1, 
wherein at least said further memory unit (16) is a non- volatile memory. 

9. (Amended) A computer device according to [any of the preceding claims] claim 1, 
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wherein said processor means (10) comprises a working memory (22) that is arranged such that 
at a restart of the computer device this working memory (22) is reset before reading from said 
further memory unit (16) is started. 

10. (Amended) A computer device according to [any of the preceding claims] claim 1, 
arranged such that if said restart signal has been generated a predetermined number of times, 
then, in case an error occurs again, said stop signal is generated. 

11. (Amended) A computer device according to [any of the preceding claims] claim 1, 
comprising a switching member (24) for manually generating said restart signal. 

14. (Amended) Use of a computer device according to [any of the claims 1-12] claim 1 
for controlling a system that is included in an aircraft. 



Remarks 



Applicants have amended the claims to eliminate multiple dependencies and thereby 



reduce the filing fee. 



Respectfully submitted, 



Date: March / '? .2002 




Eric J. Franklin, Reg. No. 37,134 
Swidler Berlin Shereff Friedman 
3000 K Street, NW, Suite 300 
Washington, DC 20007 
Telephone: (202) 424-7500 
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A COMPUTER DEVICE WITH A SAFETY FUNCTION 



5 

BACKGROUND OF THE INVENTION AND PRIOR ART 

The present invention concerns a computer device with a safety 
10 function for avoiding non-necessary disconnection of the computer 
device, comprising processor means, an ordinary memory unit 
connected to said processor means and arranged to comprise at 
least one program that is executed by the processor means, a 
supervisory unit that supervises the function of the computer device 
15 and that is arranged to, in case an error occurs, send a restart 
signal or a stop signal to the processor means. 

Such computer devices are already known. The supervisory unit 
may for instance constitute a so-called "watchdog timer". US-A-4 

20 763 296 describes the function of such a watchdog timer. Such a 
device thus has a timer that continuously is in operation when the 
computer device is used. If the timer reaches a predetermined 
value, i.e. if a predetermined time has elapsed, the watchdog timer 
generates a restart signal that causes a restart (reset) of the 

25 computer device. During normal use, the timer is set to zero at 
regular intervals by the normal program execution by the processor. 
In case an error occurs, for example if the computer executes an 
infinite subroutine, the timer will not be set to zero and the 
watchdog timer thus causes a restart of the system. 

30 

Also other kinds of computer devices with safety functions are 
already known. EP-A-481 508 thus describes a device that 
comprises a backup memory. When the current supply to the 
computer device is shut off, the status of the central processor and 
35 the content in a main memory are transferred to said backup 
memory. When then the computer device is started once again by 
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again connecting the current supply, that which is stored in the 
backup memory will be restored. 

EP-A-265 366 describes a computer device that comprises a 
5 primary memory and a backup memory. Switching from the primary 
memory to the backup memory is done by means of a "Backup 
Control System Transfer Mechanism". This mechanism is relatively 
complicated. At the generation of a power-on-reset signal, said 
mechanism secures that restart is done from the primary memory 
10 (see column 6, lines 21-28). 

There exists a need to improve the safety function of a computer 
device. There is thus a need of in a safe manner restarting the 
computer device when an error has been detected. Such an error 

15 that may cause errors in the operation of the computer is for 
example memory errors that may occur in the memory where 
programs that are executed in the computer device are stored. An 
error may also be caused by the software that is stored in the 
memory of the computer device. Such errors may for example occur 

20 when new software is used that has not been completely tested. 
Furthermore, there exists a need to secure the function of the 
computer device by relatively simple means. A further problem is to 
secure at least certain basic functions of the computer device when 
different errors occur. 

25 

SUMMARY OF THE INVENTION 

The purpose of the present invention is to achieve a computer 
device with a reliable safety function that, furthermore, is achieved 
30 by relatively simple means. 

This purpose is achieved by the initially defined computer device 
that is characterised by a further memory unit that is arranged to 
comprise at least some basic system instructions, wherein the 
35 computer device is arranged such that the processor means, at a 
restart generated by said restart signal from the supervisory unit, is 
connected to the further memory unit and reads and executes 
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instructions that are stored in the same, while the ordinary memory 
unit is disconnected from the processor means. 

By the fact that the processor means is connected to the further 
5 memory unit when a restart signal has been generated by the 
supervisory unit, it is avoided that possible errors that are present 
in the instructions that are stored in the ordinary memory unit are 
transferred to the processor means. A safer function of the 
computer device after that a restart signal has been generated in 

10 response to a detected error is thereby achieved. In this context it 
should be noted that when in the claims and in the description it is 
mentioned that a memory unit is connected to or is disconnected 
from the processor means, it is thereby not necessarily meant that 
the disconnection is done by physically breaking the connection 

15 between the processor means and the memory unit in question. The 
concepts connect to and disconnect thus comprise two possibilities: 
physical switching by breaking the connection, and the connection 
to and the disconnection from at a program level. 

20 It should be noted that by the concept "system instructions" is in 
this application preferably, but not necessarily, meant programs that 
control a system or a part of a system that is controlled by the 
computer device, i.e. the concept "system instructions" concerns 
application instructions. 

25 

According to an embodiment of the invention, the ordinary memory 
unit and the further memory unit constitute two different, physically 
separate, memories. By this feature an increased security is 
achieved since the ordinary memory unit is arranged as a separate 
30 memory that is completely disconnected from the processor means 
at a restart. 

According to an alternative embodiment of the invention, the 
ordinary memory unit and the further memory unit constitute two 
35 parts of physically the same memory, but with different memory 
addresses. Through this construction fewer memory components 
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are needed since the further memory unit is stored as a special part 
of the memory where also the ordinary memory unit is included. 

According to a further embodiment of the invention, said 
5 supervisory unit is arranged to generate a signal in dependence of 
a timer in such a manner that said restart signal is generated if no 
trigger signal that sets the timer to zero is received within a 
predetermined time interval. The supervisory unit may in this case 
thus constitute a so-called watchdog timer (WDT). Such a WDT 
10 often forms part of computer devices. Such a well functioning and 
already existing WDT may thus be used as a supervisory unit in the 
device according to the present invention. It should however be 
noted that also other kinds of supervisory units than a WDT may be 
used in the computer device according to the invention. 

15 

According to still another embodiment of the invention, the 
computer device comprises a memory safety circuit that is arranged 
to stop the reading from the ordinary memory unit and to connect 
for reading from said further memory unit when both said restart 

20 signal and a signal indicating applied supply voltage is the case. 
Such a memory safety circuit is a relatively simple and well 
functioning circuit that controls that switching from the ordinary to 
the further memory unit takes place. Furthermore, this memory 
safety circuit secures that such a switching only occurs if supply 

25 voltage to the computer device is present. 

According to a further embodiment of the invention, said further 
memory unit is arranged such that it comprises basic system 
instructions with a high degree of reliability. The further memory 

30 unit may hereby be arranged to comprise system instructions that 
have already been thoroughly tested and that therefore have a high 
functional reliability. The further memory unit may hereby also be 
provided with the basic system instructions for the computer device 
while non-necessary system instructions have been excluded from 

35 said further memory unit. 
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According to still another embodiment of the invention, said further 
memory unit is arranged such that it comprises system instructions 
with a degree of reliability that is higher than the degree of reliability 
that is the case in the ordinary memory unit. The ordinary memory 
5 unit may thus comprises system instructions that have not been so 
thoroughly tested in the computer device. The further memory unit 
may thereby comprise the basic system instructions that have 
already been shown to have a high reliability. Within the frame of 
the invention is of course also the possibility that the ordinary 
10 memory unit and the further memory unit comprise system 
instructions with the same degree of reliability. 

According to a further embodiment of the invention, at least said 
further memory unit is a non-volatile memory. This fact contributes 
15 to an increased functional reliability of the computer device. 

According to still another embodiment of the invention, said 
processor means comprises a working memory that is arranged 
such that at a restart of the computer device this working memory is 
20 reset before reading from said further memory unit is started. By 
this feature is secured that instructions that may comprise errors 
and that originate from the ordinary memory unit do not maintain in 
the working memory before reading from the further memory unit is 
started. 

25 

According to a further embodiment of the invention, said further 
memory unit is arranged to be write protected at least when the 
computer device is in operation. This fact contributes to further 
safety since the content in this further memory unit is protected and 
30 may not be modified when the computer device is in operation. 

According to still another embodiment of the invention, the 
computer device is arranged such that if said restart signal has 
been generated a predetermined number of times, then, in case an 
35 error occurs again, said stop signal is generated. This means that 
the supervisory unit generates a predetermined number of restart 
signals. If it happens that an error is the case even after that a 
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predetermined number of restart attempts have been made, the 
computer device is stopped. 

According to still another embodiment of the invention, the 
5 computer device comprises a switching member for manually 
generating said restart signal. This means that in addition to 
automatic generation of a restart signal by the supervisory unit, also 
a manual restart signal may be generated by an operator. An 
operator may thus order that a restart from the further memory unit 
10 is to take place. 

A further embodiment of the invention is clear from claim 13. This 
embodiment may also be combined with the features of one or more 
of the claims 2-12. 

15 

The purpose of the invention is also achieved by a method 
according to claim 14. This method has advantages corresponding 
to those described in connection with the device. The method 
according to claim 14 may also be combined with features 
20 corresponding to those defined in one or more of the claims 2-12. 

A preferred use of the computer device is to use it to control a 
system that is included in different vehicles, for example in aircrafts. 
An aircraft has many different functions that are controlled by a 
25 computer device. It is important that these functions function and 
that unnecessary disconnection of the computer device or of its 
operation concerning some application is avoided. This aim is 
achieved by a use according to claim 15. 

30 SHORT DESCRIPTION OF THE DRAWING 

The present invention will now be explained by means of a 
described embodiment, which constitutes an example of the 
invention, and with reference to the annexed drawing. 

35 

Fig 1 shows schematically a block diagram of an embodiment of the 
invention. 
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DETAILED DESCRIPTION OF AN EMBODIMENT OF THE 
INVENTION 

5 Fig 1 shows a block diagram of an embodiment of the invention. 
The computer device comprises a processor means 10. With this 
processor means 10 is meant not only the central processor unit 
(CPU) of the computer device but also other central parts of the 
computer device such as for example the working memory 22. The 

10 computer device also comprises an ordinary memory unit 12. This 
ordinary memory unit 12 may for example constitute some kind of 
PROM, for example UVPROM, EEPROM or the like. When the 
computer device first is started, the processor means 10 is 
connected to the ordinary memory unit 12. This ordinary memory 

15 unit 12 is thus arranged to comprise the instructions that control the 
operation of the computer device. The computer device also 
comprises a supervisory unit 14. The supervisory unit 14 supervises 
the function of the computer device and is arranged to generate a 
restart signal or a stop signal to the processor means 10 if the 

20 supervisory unit 14 detects an error. The supervisory unit 14 may 
for example constitute a so-called watchdog timer (WDT). Such a 
WDT 14 generates a signal that depends on a timer 18. A restart 
signal is thereby generated if the WDT 14 within a predetermined 
time interval does not receive a trigger-signal that sets the timer 18 

25 to zero. In order to have a high reliability, the WDT 14 comprises 
suitably its own timer 18. It is however possible that the timer 
function of the WDT 14 is controlled by the same clock that is 
included in the processor means 10. 

30 The computer device also comprises a further memory unit 16. This 
further memory unit 16 is arranged to comprise at least some basic 
system instructions. The further memory unit 16 may constitute a 
memory that is physically separated from the ordinary memory unit 
12. It is also possible that the ordinary memory unit 12 and the 

35 further memory unit 16 constitute two parts of physically the same 
memory. In order to further increase the reliability in case a memory 
error should occur, the ordinary memory unit 12 and the further 
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memory unit 16 may constitute physically separate memories of 
different kinds, for example from different manufacturers. The 
further memory unit suitably constitutes some kind of PROM, for 
example UVPROM or EEPROM. 

5 

The computer device also comprises a memory safety circuit 20. 
This memory safety circuit 20 may form a part of the processor 
means 10. In the shown embodiment, the memory safety circuit 20 
however constitutes a separate circuit. The memory safety circuit 

10 20 comprises an AND-gate 21. The memory safety circuit 20 
controls which of the ordinary memory unit 12 and the further 
memory unit 16 that is to be connected to the processor means 10. 
This control may either be formed by opening or closing the electric 
connection between the respective memory unit 12, 16 and the 

15 processor means 10 or also be formed by a control on a program 
level of these connections. It is also possible that the control, is 
done by a combination of software instructions and physically 
opening or closing. One input of the AND-gate is connected to a 
line 23 that indicates that a supply voltage is present. The other 

20 input of the AND-gate 21 is connected to a line 25 that is connected 
to the WDT 14. Via this line 25, a restart signal generated by the 
WDT 14 is lead to the AND-gate 21 and thereby to the memory 
safety circuit 20. 

25 The computer device also comprises a switching member 24 for 
manually generating a restart signal. This switching member 24 
may suitably be connected to the input of the AND-gate that is also 
connected to the WDT 14. 

30 The WDT 14 thus supervises the function of the computer device. 
When the computer device functions normally, th.e WDT 14 receives 
at regular intervals a trigger-signal from the processor means 10. 
This trigger-signal sets the timer 18 to zero. The WDT 14 does 
thereby not generate any restart signal to the line 25. If, however, 

35 an error occurs such that the WDT 14 does not receive any trigger- 
signal from the processor means 10 within a predetermined time 
interval, the WDT 14 generates a restart signal. This restart signal 
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is thus lead to one of the inputs of the AND-gate 21. When the 
AND-gate 21 receives such a restart signal, and if at the same time 
the other input of the AND-gate 21 detects that a supply voltage is 
the case, the memory safety circuit 20 controls that the ordinary 
5 memory unit 12 is disconnected from the processor means 10 and 
that the further memory unit 16 is connected to the processor 
means 10. Also the processor means 10 receives a signal, suitably 
from the WDT 14, that a restart is to be performed. The working 
memory 22 of the processor means 10 is thereby reset, whereafter 
10 reading from the further memory unit 16 takes place. The reading is 
thereby done to predetermined addresses of the working memory 
22. The processor means 10 thus reads and executes the 
instructions that are stored in the further memory unit 16. 

15 It is conceivable that a restart attempt fails and that the WDT 14 
thus generates a new restart signal. If again an eFror is detected, 
further restart signals may be generated by the WDT 14. The 
computer device is thereby suitably arranged such that when a 
predetermined number of restart attempts have been made, the 

20 restart attempts are stopped. A warning function may thereby be 
generated by the computer device and the latest information 
concerning the status of the processor means 10 and the memory 
units 12, 16 may be registered for later analysis. The computer 
device is suitably arranged such that the restart attempts are 

25 stopped after for example one to four restart attempts, preferably 
after two restart attempts. The computer device may thereby be 
arranged such that the restart attempts are stopped if said 
predetermined number of restart attempts have been performed 
within a predetermined time interval. 

30 

In order to increase the safety, the further memory unit 16 is 
suitably arranged such that it is write protected when the computer 
device is in operation. Furthermore, suitably the ordinary memory 
unit 12 as well as the further memory unit 16 constitute non-volatile 
35 memories. 
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The further memory unit 16 is suitably arranged such that it 
comprises basic system instructions with a high degree of reliability. 
The further memory unit 16 may thereby comprise primary and well- 
tested system functions. Suitably, the further memory unit 16 is 
5 arranged such that it thereby comprises system instructions with a 
higher degree of reliability than the system instructions that are 
present in the ordinary memory unit 12. By the expression "degree 
of reliability" may hereby for example be meant the software safety 
levels that are defined according to RTCA-standard document 
10 NO.RTCA/DO-178B. 

The computer device according to the invention may preferably be 
arranged to secure the normal function of the computer device 
under the execution of an application program even when an error 

15 occurs that otherwise would lead to a disconnection and a shut-off 
of the computer device, or at least to the interruption of the 
execution of the application program in question. The ordinary 
memory unit 12 thus comprises an application program that is 
executed by the processor means 10. In case an error occurs in the 

20 execution of at least said application program, the processor means 
10 is connected to the further memory unit 16 that is arranged to 
comprise at least some basic, already used and safe application 
instructions. The computer device is thus arranged such that the 
execution of the application that is controlled by the application 

25 program may continue on the basis of the application instructions 
that are retrieved from the further memory unit. 

According to a method according to the invention, if an error occurs, 
a connection to the further memory unit 16 that comprises at least 

30 some basic application instructions takes place. The execution of 
the application that is controlled by an application program may 
thereby continue on the basis of the application instructions that are 
retrieved from the further memory unit and that are read in a normal 
and traditional manner into the processor means 10 with a normal 

35 reset of the working memory 22. 
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The computer device according to the invention may also 
advantageously be used to control a system that is included in an 
aircraft. 

5 The present invention is not limited to the shown embodiment but 
may be varied and modified within the scope of the following claims. 
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Claims 



1. A computer device with a safety function for avoiding non 
necessary disconnection of the computer device, comprising 

5 processor means (10), 

an ordinary memory unit (12) connected to said processor 
means (10) and arranged to comprise at least one program that is 
executed by the processor means (10), 

a supervisory unit (14) that supervises the function of the 
10 computer device and that is arranged to, in case an error occurs, 
send a restart signal or a stop signal to the processor means (10), 
characterised by 

a further memory unit (16) that is arranged to comprise at 
least some basic system instructions, wherein the computer device 

15 is arranged such that the processor means (10) always at a restart 
generated by said restart signal from the supervisory unit (14) is 
connected to the further memory unit (16) and reads and executes 
instructions that are stored in the same, while the ordinary memory 
unit (12) is disconnected from the processor means (10), and 

20 wherein said further memory unit (16) is arranged to be write 
protected at least when the computer device is in operation. 

2. A computer device according to claim 1, wherein the ordinary 
memory unit (12) and the further memory unit (16) constitute two 

25 different, physically separate, memories. 

3. A computer device according to claim 1, wherein the ordinary 
memory unit (12) and the further memory unit (16) constitute two 
parts of physically the same memory, but with different memory 

30 addresses. 



4. A computer device according to any of the preceding claims, 
wherein said supervisory unit (14) is arranged to generate a signal 
in dependence of a timer (18) in such a manner that said restart 
35 signal is generated if no trigger-signal signal that sets the timer (18) 
to zero is received within a predetermined time interval. 
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5. A computer device according to any of the preceding claims, 
comprising a memory safety circuit (20) that is arranged to stop the 
reading from the ordinary memory unit (12) and to connect for 
reading from said further memory unit (16) when both said restart 

5 signal and a signal indicating applied supply voltage is the case. 

6. A computer device according to any of the preceding claims, 
wherein said further memory unit (16) is arranged such that it 
comprises basic system instructions with a high degree of reliability. 

%:>:- 10 

7. A computer device according to claim 6, wherein said further 
memory unit (16) is arranged such that it comprises system 
instructions with a degree of reliability that is higher than the degree 
of reliability that is the case in the ordinary memory unit (12). 

15 

8. A computer device according to any of the preceding claims, 
wherein at least said further memory unit (16) is a non-volatile 
memory. 

20 9. A computer device according to any of the preceding claims, 
wherein said processor means (10) comprises a working memory 
(22) that is arranged such that at a restart of the computer device 
this working memory (22) is reset before reading from said further 
/ memory unit (16) is started. 

25 

10. A computer device according to any of the preceding claims, 
arranged such that if said restart signal has been generated a 
predetermined number of times, then, in case an error occurs again, 
said stop signal is generated. 

30 

11. A computer device according to any of the preceding claims, 
comprising a switching member (24) for manually generating said 
restart signal. 

35 12. A computer device arranged to secure the normal function of 
the computer device under the execution of at least one application 
program also when an error occurs that normally leads to 
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disconnection and shut-off of the computer device or at least to 
disconnection concerning said application program, which computer 
device comprises 

processor means (10), an ordinary memory unit (12) connected to 
5 said processor means (10) and arranged to comprise at least an 
application program that is executed by the processor means (10), 
a supervisory unit (14) that supervises the function of the computer 
device and that is arranged to, in case an error occurs in the 
execution of at least said application program, send a restart signal 
10 or a stop signal to the processor means (10), 
characterised by 

a further memory unit (16) that is arranged to comprise at least 
some basic application instructions, wherein the computer device is 
arranged such that always when a restart takes place in response 

15 to a restart signal generated by the supervisory unit (14), the 
processor means (10) is connected to the further memory unit (16) 
and reads and executes instructions that are stored in the same, 
while the ordinary memory unit (12) is disconnected from the 
processor means (10), wherein the computer device is arranged 

20 such that the execution of the application that is controlled by said 
application program may continue on the basis of the application 
instructions that are retrieved from the further memory unit, wherein 
the execution of the application in question may continue without 
the necessity for the computer device to be disconnected, and 

25 wherein said further memory unit (16) is arranged to be write 
protected at least when the computer device is in operation. 

13. A method for securing the normal function of a computer 
device under the execution of at least one application program also 
30 when an error occurs that normally leads to disconnection and shut- 
off of the computer device or at least to disconnection concerning 
said application program, which computer device comprises 
processor means (10), 

an ordinary memory unit (12) connected to said processor means 
35 (10) and arranged to comprise at least one application program that 
is executed by the processor means (10), 
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a supervisory unit (14) that supervises the function of the computer 
device and that is arranged to, in case an error occurs in the 
execution of at least said application program, send a restart signal 
or a stop signal to the processor means (10), 
5 a further memory unit (16) that is arranged to comprise at least 
some basic application instructions, wherein said further memory 
unit (16) is arranged to be write protected at least when the 
computer device is in operation, 

which method comprises that always when a restart takes place in 
10 response to a restart signal generated by the supervisory unit (14), 
the processor means (10) is connected to the further memory unit 
(16) and reads and executes instructions that are stored in the 
same, while the ordinary memory unit (12) is disconnected from the 
processor means (10), wherein the execution of the application that 
15 is controlled by said application program may continue on the basis 
of the application instructions that are retrieved from the further 
memory unit such that the execution of the application in question 
may continue without the necessity for the computer device to be 
disconnected. 



14. Use of a computer device according to any of the claims 1-12 
for controlling a system that is included in an aircraft. 
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